pypi
4,979 tracked vulnerabilities.
CVE-2026-44304
HIGH
Lemur: LDAP Filter Injection enables post-authentication privilege escalation
May 12, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-43948
CRITICAL
wger: cross-tenant password reset and plaintext disclosure via gym=None bypass
May 12, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-42545
MEDIUM
Granian: DoS via WSGI response header panic
May 12, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-42544
HIGH
Granian: Unauthenticated DoS via WebSocket subprotocol header panic
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42196
CRITICAL
django-s3file: Relative path traversal
May 12, 2026
EPSS 0.01
CVE-2026-44223
MEDIUM
vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44222
MEDIUM
vLLM: Remote DoS via Special-Token Placeholders
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44220
LOW
ciguard: discover_pipeline_files follows symlinks out of scan root
May 12, 2026
CVSS 3.2
EPSS 0.00
CVE-2026-44219
LOW
ciguard: SCA HTTP client reads response body without size cap
May 12, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-44218
LOW
ciguard: Container image runs as root (no USER directive)
May 12, 2026
CVSS 3.0
EPSS 0.00
CVE-2026-43891
HIGH
changedetection.io: Arbitrary Local File Read via crafted backup restore
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42303
MEDIUM
Fides: Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection
May 12, 2026
EPSS 0.00
CVE-2026-42175
MEDIUM
requests-hardened: Server-Side Request Forgery (SSRF) in requests-hardened RFC 6598
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42048
CRITICAL
Langflow: Path Traversal in Langflow Knowledge Bases API
May 12, 2026
CVSS 9.6
EPSS 0.04
CVE-2026-41895
HIGH
changedetection.io: XXE vulnerability in the changedetection.io project
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31245
MEDIUM
mem0 1.0.0 - Unauthenticated Arbitrary Memory Record Creation via Memory Creation API Endpoint
May 12, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-31241
MEDIUM
mem0 1.0.0 - Unauthenticated Memory Deletion via DELETE /memories Endpoint
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-31240
HIGH
mem0 1.0.0 - Unauthenticated Memory Record Manipulation via Memory Management API
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31239
CRITICAL
mamba < 2.2.6 - Remote Code Execution via Insecure Model Deserialization
May 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-31238
CRITICAL
Ludwig Framework <=0.10.4 - Deserialization
May 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-31237
CRITICAL
Ludwig Framework <=0.10.4 - Deserialization
May 12, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-31236
CRITICAL
llm CLI < 0.27.1 - Remote Code Execution via --functions Argument
May 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-31235
CRITICAL
imgaug <= 0.4.0 - Remote Code Execution via Insecure Pickle Deserialization in BackgroundAugmenter
May 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-31234
CRITICAL
Horovod <= 0.28.1 - Unauthenticated Remote Code Execution via Insecure KVStore Deserialization
May 12, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-31233
CRITICAL
Guardrails AI Hub <0.6.7 - Code Injection
May 12, 2026
CVSS 9.8
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 47
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters